General
-
Target
c6d687a93a119f80b232d0a5430be96c_JaffaCakes118
-
Size
480KB
-
Sample
240828-ph4w7axgnc
-
MD5
c6d687a93a119f80b232d0a5430be96c
-
SHA1
dd3f1bf68e89370150e258793d0da4f1decda5c2
-
SHA256
1b258545e9107c34a16fdd668427521cf639f430fcad337c8c709f779a031a5e
-
SHA512
c283961aa63a13031234ea2ef7fcc69287e5ca831945dd1d38b2d8e6e8195b5ef0825dfbc59d9ac4cff4e2d75c789e0fedb36b13158499cf7f441fdb433dbbbc
-
SSDEEP
12288:N26YCaL0/TbBktszrqSldEXkNHhyOxSoIo/jnBA:g6naABk+qSsXkNHYuxhbB
Static task
static1
Behavioral task
behavioral1
Sample
c6d687a93a119f80b232d0a5430be96c_JaffaCakes118.exe
Resource
win7-20240704-en
Malware Config
Extracted
netwire
79.134.225.58:3360
-
activex_autorun
false
-
copy_executable
false
-
delete_original
false
-
host_id
79.134.225.58
-
lock_executable
false
-
offline_keylogger
false
-
password
Password2019@
-
registry_autorun
false
-
use_mutex
false
Targets
-
-
Target
c6d687a93a119f80b232d0a5430be96c_JaffaCakes118
-
Size
480KB
-
MD5
c6d687a93a119f80b232d0a5430be96c
-
SHA1
dd3f1bf68e89370150e258793d0da4f1decda5c2
-
SHA256
1b258545e9107c34a16fdd668427521cf639f430fcad337c8c709f779a031a5e
-
SHA512
c283961aa63a13031234ea2ef7fcc69287e5ca831945dd1d38b2d8e6e8195b5ef0825dfbc59d9ac4cff4e2d75c789e0fedb36b13158499cf7f441fdb433dbbbc
-
SSDEEP
12288:N26YCaL0/TbBktszrqSldEXkNHhyOxSoIo/jnBA:g6naABk+qSsXkNHYuxhbB
-
NetWire RAT payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-